We have a public facing Remote Desktop Server that is used to demo our software to clients. We are upgrading to new hardware and new network layout.
On our old server I set it so a special group could shadow other users without being a administrator. This was set so sales staff could join desktop session on the server with the clients to demo the software without giving sales administrative privileges on the server.
In on the new system we will be having multiple servers set up in a domain and I need to do the same thing again, however after searching for several hours I still can not find where that setting was that was set on the original server.
Where is the list of users/groups that have privileges to shadow other users set?
(note I am NOT looking for the GPO setting under Policies\Administrative Templates\Windows Components\Remote Desktop Services\Remote Desktop Session Host\Connections\Set rules for remote control of Remote Desktop Services user sessions
, I need the other side of that coin of who gets to connect to those sessions that have the above setting enabled)
You can set this on the Permissions tab of the RDP protocol component on the RDS server. Add the group/user to the permissions with the Allow permission for everything. This should allow the group/user to shadow a user session without the group/user needing Administrative rights to the RDS server.